Learn more about the Cortex XSIAM predefined user role called IT Admin.
Manage and control endpoints and installations, configure Broker VMs, view endpoint profiles and policies, and view alerts.
The IT Admin extends the Deployment Admin with incident and alert visibility, host insights, and general configuration access.
Tip
Assign to IT administrators who need security awareness but without security authority. They need to see issues and policies (troubleshooting, understanding endpoint behavior), but cannot configure or respond to incidents.
To quickly see exactly which pages and actions a role allows, click on the role name, which opens a read-only view of all checked permissions. For more information about the permissions, see Role permissions by components.